Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Join us at 2024 API And Application Security Summit in Columbus!
Privacy settings
We use cookies and similar technologies that are necessary to run the website. Additional cookies are only used with your consent. You can consent to our use of cookies by clicking on Agree. For more information on which data is collected and how it is shared with our partners please read our privacy and cookie policy: Cookie policy, Privacy policy
We use cookies to access, analyse and store information such as the characteristics of your device as well as certain personal data (IP addresses, navigation usage, geolocation data or unique identifiers). The processing of your data serves various purposes: Analytics cookies allow us to analyse our performance to offer you a better online experience and evaluate the efficiency of our campaigns. Personalisation cookies give you access to a customised experience of our website with usage-based offers and support. Finally, Advertising cookies are placed by third-party companies processing your data to create audiences lists to deliver targeted ads on social media and the internet. You may freely give, refuse or withdraw your consent at any time using the link provided at the bottom of each page.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Ransom DDoS (RDDoS) attack

Taking computer networks hostage for financial gain is an example of how extortion has progressed online from the physical world. Attackers use ransomware and other forms of ransom denial of service (RDoS) to blackmail their victims into paying a ransom, typically in the form of cryptocurrency, by locking them out of their own systems or severely degrading the performance of their networks unless the ransom is paid.

Ransom DDoS (RDDoS) attack

An overview of Ransom DDoS (RDDoS) attack

DDoS extortion attacks, also known as ransom distributed denial-of-service (RDoS) attacks, occur when hackers threaten to launch DDoS attacks unless a ransom is paid. The hacker requests payment, which is typically in the form of bitcoin so that the transaction cannot be traced by law enforcement agencies.

RDoS meaning of such assault is the same as that of a standard DDoS attack: to overwhelm a server or network with bogus requests in order to prevent any real traffic from getting through. This can tarnish a company's image, cause disruptions in operations, and even lead to financial losses. However, paying the extortion charge is not advised because there is no assurance that the attackers would cease the attack and the attackers may demand even more money in the future.

When comparing DDoS extortion/RDDoS attacks to ransomware attacks, it's important to note that there are key differences. When malicious software encrypts a company's files, it can't be decrypted until the ransom is paid. The target of a distributed denial of service attack will not be compromised in this type of assault; only network or application traffic will be interrupted.

Reasons Why RDDoS Becomes a Threat Vector

Some of the following factors contribute to the expanding role of RDDoS in cyberattacks.

  • Assaults now need less effort than spyware installation—installing malware in an organization's IT system demands professional knowledge. Customizing and exploiting software vulnerabilities for the purposes of sabotage or data theft also takes time. DDoS assaults are relatively simple to execute, and botnets can be rented at a low cost.
  • Assailants can simply carry out attacks using standard online applications—and attackers are increasingly leveraging gadgets with built-in network protocols to augment DDoS strikes. This utilizes few resources. Removing networking technologies like as CoAP, ARMS, and WS-DD might result in a loss of usefulness, profitability, and accessibility.
  • Extortion approaches become more beneficial to attackers as Bitcoin values rise—when Bitcoin prices climb, RDDoS criminals revise their demand strategy and launch enormous coercion campaigns.

How Do Hackers Launch This Attack?

Numerous DDoS begin with a ransom note that threatens the victim organization. Before sending out the ransom note, some criminals will launch a little attempt to show that they mean business.

In the event that the one attacking perceives a genuine threat and proceeds with the attack anyhow, the following may occur:

  • The criminal or collective of criminals initiates the flow of assault traffic towards the target. They could employ a personal botnet or a rented DDoS service. Layers 3 and 4 of a network can be the target of a distributed denial-of-service attack, whereas layer 7 can be the target of a more traditional type of attack.
  • Due to the high volume of attacks, the targeted service or application becomes unresponsive.
  • The assault continues until the criminal runs out of time, energy, or money, the target successfully defends against it, or the assault is stopped. Methods of mitigating denial of service, such as IP blocking and rate restriction, are only useful for preventing minor disruptions. Most businesses rely on cloud-based DDoS protection services because of their ability to scale up and resist even the largest attacks.
  • The offender may conduct additional attacks, reiterate their payment demand, or perhaps both.

History Of RDDoS Attacks

Ransomware denial-of-service (DDoS) attackers, like those behind other forms of malware, are always honing and improving their methods. This increases their ability to carry out the threats stated in the ransom letters and the profitability of the attacks themselves.

To conceal their true identities, RDoS attackers may often adopt the identities of well-known APTs like Fancy Bear, the Armada Collective, or the Lazarus Group. In 2020, these groups' attacks were multi-stage and aimed at businesses across a variety of industries. Later in the year, attacks resumed on the same organizations that had not paid the initial ransom demand of 20 BTC. The bad guys were trying to maximize their return on investment by reusing data they had already collected.

Malicious hackers targeted ISPs and cloud computing infrastructure in 2021. It was clear that the attackers had done their homework, as they went for just the most vulnerable systems. It is clear that the cybercriminals behind the RDoS campaigns were making extra efforts to increase the likelihood of a successful attack and ransom payment by resorting to these more focused attacks.

How To React in A RDDoS Attack?

A RDDoS note is a serious threat, but it also buys the recipient company some time to prepare for the attack. If a company receives an RDoS demand, it should take the following measures:

  • Do Not Pay the Ransom

Paying the ransom offers no assurance that the cybercriminal will not attack regardless. In addition, the cybercriminal may return and threaten other attacks in order to extract additional payments.

  • Pass the Information Along

RDoS ransom notes are frequently given to random people within an organization who may not know what to do with them. Education of employees is necessary to guarantee that information reaches the appropriate individuals to enable a reaction.

  • Check for a Demo Assault

Hackers may conduct a demonstration attack prior to the deadline in order to demonstrate their skills. Screening for a simulated attack can aid in identifying if a danger is real and provide valuable threat knowledge for defending against the attack.

  • Notify Your Security Personnel

Inform your security provider with any accessible details regarding the threat, including the ransom note and any data from a demonstration attack. This enables them to better prepare for the threat's mitigation.

How Do I Prevent a RDDoS Attack?

When an entity gets a RDDoS threat, it should take phases to get ready for the attack and stop it. Among the finest practices are:

A RDoS attack will likely target Internet-exposed, mission-critical systems, such as a company website or VPN gateway. Recognizing potential targets is a prerequisite for their protection.

  • Develop a Plan

Planning a reaction during a DDoS attack results in additional minutes of outage. Develop a DDoS response plan in advance to enable rapid attack mitigation.

  • Implement Complete DDoS Protection

If the cybercriminal cannot effectively launch a DDoS assault against the organization, an RDoS letter is a bluff. Essential to an RDoS prevention plan is the deployment of a comprehensive DDoS protection system from a vendor known to have managed and blocked large-scale DDoS and RDoS attacks.

  • Examine Ddos Mitigation SLAs

A DDoS protection provider must provide at least six essential SLAs. Prior to an attack, ensure that a vendor's SLAs satisfy business requirements.

RDDoS Attack Vs Ransomware

Security breaches are a prevalent type of online extortion. Ransomware is malicious software that encrypts the systems and databases of an organization, rendering them inoperable. Once the encryption has been completed, the attacker will demand payment to decode the organization's systems. Somehow, ransomware must gain entree to an organization's internal systems or network; infected email attachments coupled with phishing assaults are a popular danger vector.

DDoS ransom attacks, unlike ransomware attacks, do not encrypt a company's systems; instead, they try to knock them offline. In addition, it does not require the attacker to get access to an association’s internal structures. With adequate DDoS protection, a DDoS ransom attack has minimal to no effect on the operation of a firm.

Defending Against RDDoS Attacks with Wallarm

A professional and proven security technology is necessary to effectively combat RDDoS threats. Specifically, Wallarm's API security solution is recommended as a robust, real-time protection against RDDoS attacks for APIs, apps, and serverless workloads in cloud-native environments. The product is designed by security practitioners and employs AI technology to provide automatic and continuously improving protection, keeping users ahead of potential attackers. In addition, Wallarm offers assistance to victims of RDDoS attacks who are being targeted by cybercriminals.



Subscribe for the latest news

February 26, 2024
Learning Objectives
Subscribe for
the latest news
Related Topics